File name:

2025-05-17_377f3cf9c9f6537fdce4b4fe4f76364e_amadey_elex_rhadamanthys_smoke-loader

Full analysis: https://app.any.run/tasks/57169c70-7b8e-482a-8ada-3d80de8aab49
Verdict: Malicious activity
Threats:

Ransomware is a type of malicious software that locks users out of their system or data using different methods to force them to pay a ransom. Most often, such programs encrypt files on an infected machine and demand a fee to be paid in exchange for the decryption key. Additionally, such programs can be used to steal sensitive information from the compromised computer and even conduct DDoS attacks against affected organizations to pressure them into paying.

Analysis date: May 17, 2025, 09:48:59
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
neconyd
ransomware
birele
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 4 sections
MD5:

377F3CF9C9F6537FDCE4B4FE4F76364E

SHA1:

8A0247BA51F5247DAB6B2F1D0B043DE46D19E12D

SHA256:

C477038F67AE3F05FE09670E7722325864038C87DF35B6FE884D94D01358F132

SSDEEP:

3072:FR65qaR6CRp/5y03CwJ3/HxMqMdA33M5tC1isyPFCALzv4mlkVVXV9da0:FmqaRRRZ/MnA3cQYFCOzv3AVXVx

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Connects to the CnC server

      • omsecor.exe (PID: 7520)
      • omsecor.exe (PID: 8180)
    • Neconyd has been detected

      • omsecor.exe (PID: 7520)
      • omsecor.exe (PID: 8180)
    • BIRELE has been detected (SURICATA)

      • omsecor.exe (PID: 7520)
      • omsecor.exe (PID: 8180)
  • SUSPICIOUS

    • Application launched itself

      • 2025-05-17_377f3cf9c9f6537fdce4b4fe4f76364e_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7356)
      • omsecor.exe (PID: 7448)
      • omsecor.exe (PID: 7520)
      • omsecor.exe (PID: 8160)
    • Executes application which crashes

      • omsecor.exe (PID: 7448)
      • 2025-05-17_377f3cf9c9f6537fdce4b4fe4f76364e_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7356)
      • omsecor.exe (PID: 8160)
    • Reads security settings of Internet Explorer

      • omsecor.exe (PID: 7520)
      • omsecor.exe (PID: 8180)
    • Executable content was dropped or overwritten

      • 2025-05-17_377f3cf9c9f6537fdce4b4fe4f76364e_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7376)
    • Contacting a server suspected of hosting an CnC

      • omsecor.exe (PID: 7520)
      • omsecor.exe (PID: 8180)
  • INFO

    • Checks supported languages

      • 2025-05-17_377f3cf9c9f6537fdce4b4fe4f76364e_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7356)
      • omsecor.exe (PID: 7448)
      • 2025-05-17_377f3cf9c9f6537fdce4b4fe4f76364e_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7376)
      • omsecor.exe (PID: 7520)
      • omsecor.exe (PID: 8160)
      • omsecor.exe (PID: 8180)
    • The sample compiled with english language support

      • 2025-05-17_377f3cf9c9f6537fdce4b4fe4f76364e_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7356)
    • Creates files or folders in the user directory

      • 2025-05-17_377f3cf9c9f6537fdce4b4fe4f76364e_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7376)
      • WerFault.exe (PID: 7612)
      • WerFault.exe (PID: 7596)
      • WerFault.exe (PID: 7208)
    • Checks proxy server information

      • omsecor.exe (PID: 7520)
      • omsecor.exe (PID: 8180)
      • slui.exe (PID: 8092)
    • Reads the computer name

      • omsecor.exe (PID: 7520)
      • omsecor.exe (PID: 8180)
    • Failed to create an executable file in Windows directory

      • omsecor.exe (PID: 7520)
      • omsecor.exe (PID: 8180)
    • Reads the software policy settings

      • slui.exe (PID: 8092)
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:11:23 06:17:44+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit, No debug
PEType: PE32
LinkerVersion: 8
CodeSize: 28672
InitializedDataSize: 98304
UninitializedDataSize: -
EntryPoint: 0x18b6
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.1
ProductVersionNumber: 2.1.0.0
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: Comments
FileVersion: 0, 1, 2, 0
InternalName: CompanyName
LegalCopyright: LegalTrademarks
OriginalFileName: Build private
ProductName: Movie name
ProductVersion: 0, 0, 0, 0
No data.
Total processes
139
Monitored processes
11
Malicious processes
6
Suspicious processes
0

Behavior graph

[Behavior graph image. Nodes: start; 2025-05-17_377f3cf9c9f6537fdce4b4fe4f76364e_amadey_elex_rhadamanthys_smoke-loader.exe (two nodes); omsecor.exe (four nodes, two #BIRELE tags); werfault.exe (three nodes, no specs); slui.exe; svchost.exe]

Process information

PID
CMD
Path
Indicators
Parent process
2196
C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache
C:\Windows\System32\svchost.exe
services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
7208
C:\WINDOWS\SysWOW64\WerFault.exe -u -p 8160 -s 352
C:\Windows\SysWOW64\WerFault.exe
omsecor.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
7356
"C:\Users\admin\Desktop\2025-05-17_377f3cf9c9f6537fdce4b4fe4f76364e_amadey_elex_rhadamanthys_smoke-loader.exe"
C:\Users\admin\Desktop\2025-05-17_377f3cf9c9f6537fdce4b4fe4f76364e_amadey_elex_rhadamanthys_smoke-loader.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Comments
Exit code:
3221225622
Version:
0, 1, 2, 0
Modules
Images
c:\users\admin\desktop\2025-05-17_377f3cf9c9f6537fdce4b4fe4f76364e_amadey_elex_rhadamanthys_smoke-loader.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
7376
C:\Users\admin\Desktop\2025-05-17_377f3cf9c9f6537fdce4b4fe4f76364e_amadey_elex_rhadamanthys_smoke-loader.exe
C:\Users\admin\Desktop\2025-05-17_377f3cf9c9f6537fdce4b4fe4f76364e_amadey_elex_rhadamanthys_smoke-loader.exe
2025-05-17_377f3cf9c9f6537fdce4b4fe4f76364e_amadey_elex_rhadamanthys_smoke-loader.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Comments
Exit code:
0
Version:
0, 1, 2, 0
Modules
Images
c:\users\admin\desktop\2025-05-17_377f3cf9c9f6537fdce4b4fe4f76364e_amadey_elex_rhadamanthys_smoke-loader.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shlwapi.dll
7448
C:\Users\admin\AppData\Roaming\omsecor.exe
C:\Users\admin\AppData\Roaming\omsecor.exe
2025-05-17_377f3cf9c9f6537fdce4b4fe4f76364e_amadey_elex_rhadamanthys_smoke-loader.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Comments
Exit code:
3221225622
Version:
0, 1, 2, 0
Modules
Images
c:\users\admin\appdata\roaming\omsecor.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
7520
C:\Users\admin\AppData\Roaming\omsecor.exe
C:\Users\admin\AppData\Roaming\omsecor.exe
omsecor.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Comments
Exit code:
0
Version:
0, 1, 2, 0
Modules
Images
c:\users\admin\appdata\roaming\omsecor.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shlwapi.dll
7596
C:\WINDOWS\SysWOW64\WerFault.exe -u -p 7448 -s 340
C:\Windows\SysWOW64\WerFault.exe
omsecor.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
7612
C:\WINDOWS\SysWOW64\WerFault.exe -u -p 7356 -s 356
C:\Windows\SysWOW64\WerFault.exe
2025-05-17_377f3cf9c9f6537fdce4b4fe4f76364e_amadey_elex_rhadamanthys_smoke-loader.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
8092
C:\WINDOWS\System32\slui.exe -Embedding
C:\Windows\System32\slui.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
8160
C:\Users\admin\AppData\Roaming\omsecor.exe /nomove
C:\Users\admin\AppData\Roaming\omsecor.exe
omsecor.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Comments
Exit code:
3221225622
Version:
0, 1, 2, 0
Modules
Images
c:\users\admin\appdata\roaming\omsecor.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
Total events
9 219
Read events
9 213
Write events
6
Delete events
0

Modification events

(PID) Process: (7520) omsecor.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:
(PID) Process: (7520) omsecor.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:
(PID) Process: (7520) omsecor.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:
(PID) Process: (8180) omsecor.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:
(PID) Process: (8180) omsecor.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:
(PID) Process: (8180) omsecor.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:
Executable files
1
Suspicious files
9
Text files
3
Unknown types
0

Dropped files

PID
Process
Filename
Type
7596
WerFault.exe
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_omsecor.exe_68195e55ef2d9217276a7e894e3f13a24e24d377_e1d8e39c_3ef47170-423f-40f5-97d8-81f38c42c0fd\Report.wer
MD5:
SHA256:
7612
WerFault.exe
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_2025-05-17_377f3_b764a6c210ed95a858871458421ecaf54a543797_5008d4c7_d6bb0153-49f5-4f78-b18b-df19b9ab7d34\Report.wer
MD5:
SHA256:
7208
WerFault.exe
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_omsecor.exe_68195e55ef2d9217276a7e894e3f13a24e24d377_e1d8e39c_5cea7c63-ab13-4b71-8493-4bf700998387\Report.wer
MD5:
SHA256:
7612
WerFault.exe
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD5C2.tmp.WERInternalMetadata.xml
binary
MD5:25ED370CB49234D6E7596503ACC5050B
SHA256:B971ADA7AF59696268125148EFB6CD6DE3858FF961872A5FE4ACF982EFDD9351
7596
WerFault.exe
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD5A3.tmp.xml
xml
MD5:EEB845523016A343ABD763232082B87A
SHA256:96AF9A6416326FF64425BFDCCAB0D602F4420ABCA8BC74AA9F972AE71FEEBFA6
7208
WerFault.exe
C:\Users\admin\AppData\Local\CrashDumps\omsecor.exe.8160.dmp
binary
MD5:D4AB247E0E435E7DE400457BBB51F98B
SHA256:D31EA56CF46B201D310BB802347B5B517FBA9CD1FC5A42FEB68894C2A8F6BC61
7208
WerFault.exe
C:\ProgramData\Microsoft\Windows\WER\Temp\WER35C0.tmp.xml
xml
MD5:66855C2F612F649C0570D10E04AA2809
SHA256:EC70FCDCE1572B78633D002C25E07724F4644DC8BD2E68BF9535B018CD321DF7
7208
WerFault.exe
C:\ProgramData\Microsoft\Windows\WER\Temp\WER35A0.tmp.WERInternalMetadata.xml
binary
MD5:05517331FCC5F8135184C36861FBE97C
SHA256:892BC23B946C73E7EC4559FC275F0FA1D745AB0EBDC86132A9BD64B37386217E
7596
WerFault.exe
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD544.tmp.WERInternalMetadata.xml
binary
MD5:97A794C03F8C13952724FFE730C34198
SHA256:187F5ACBC11CFDCB5867E1433100192DD5CEFD6AC0AC3C0796693F0C8FE0D5C1
7596
WerFault.exe
C:\Users\admin\AppData\Local\CrashDumps\omsecor.exe.7448.dmp
binary
MD5:D2A41C83D26B6805A0CA9E10D1DB66E9
SHA256:B6CC12F4DD6E78D48F706C0DA05A1B2369D2400B33C967C86405C2D3345D0A96
HTTP(S) requests
17
TCP/UDP connections
35
DNS requests
8
Threats
14

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2104
svchost.exe
GET
200
2.16.168.124:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4212
RUXIMICS.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
7520
omsecor.exe
GET
193.166.255.171:80
http://lousta.net/439/575.html
unknown
malicious
7520
omsecor.exe
GET
403
75.2.18.233:80
http://mkkuei4kdsz.com/806/195.html
unknown
malicious
7520
omsecor.exe
GET
193.166.255.171:80
http://lousta.net/226/821.html
unknown
malicious
7520
omsecor.exe
GET
403
75.2.18.233:80
http://mkkuei4kdsz.com/239/680.html
unknown
malicious
7520
omsecor.exe
GET
193.166.255.171:80
http://lousta.net/716/383.html
unknown
malicious
7520
omsecor.exe
GET
200
44.247.155.67:80
http://ow5dirasuek.com/198/237.html
unknown
malicious
8180
omsecor.exe
GET
193.166.255.171:80
http://lousta.net/115/365.html
unknown
malicious
8180
omsecor.exe
GET
403
75.2.18.233:80
http://mkkuei4kdsz.com/545/489.html
unknown
malicious

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
4212
RUXIMICS.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2104
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
7520
omsecor.exe
193.166.255.171:80
lousta.net
Tieteen tietotekniikan keskus Oy
FI
malicious
2104
svchost.exe
2.16.168.124:80
crl.microsoft.com
Akamai International B.V.
RU
whitelisted
4212
RUXIMICS.exe
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted
2104
svchost.exe
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted
4
System
192.168.100.255:137
whitelisted
7520
omsecor.exe
75.2.18.233:80
mkkuei4kdsz.com
AMAZON-02
US
malicious

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.184.238
whitelisted
lousta.net
  • 193.166.255.171
malicious
crl.microsoft.com
  • 2.16.168.124
  • 2.16.168.114
whitelisted
www.microsoft.com
  • 2.23.246.101
whitelisted
settings-win.data.microsoft.com
  • 20.73.194.208
whitelisted
mkkuei4kdsz.com
  • 75.2.18.233
malicious
ow5dirasuek.com
  • 44.247.155.67
malicious
activation-v2.sls.microsoft.com
  • 20.83.72.98
whitelisted

Threats

PID
Process
Class
Message
7520
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
7520
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
7520
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
7520
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
7520
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
7520
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
7520
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
7520
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
8180
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
8180
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
No debug info